]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
object-name.h: move declarations for object-name.c functions from cache.h
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "abspath.h"
3 #include "repository.h"
4 #include "config.h"
5 #include "environment.h"
6 #include "gettext.h"
7 #include "hex.h"
8 #include "lockfile.h"
9 #include "pack.h"
10 #include "refs.h"
11 #include "pkt-line.h"
12 #include "sideband.h"
13 #include "run-command.h"
14 #include "hook.h"
15 #include "exec-cmd.h"
16 #include "commit.h"
17 #include "object.h"
18 #include "remote.h"
19 #include "connect.h"
20 #include "string-list.h"
21 #include "oid-array.h"
22 #include "connected.h"
23 #include "strvec.h"
24 #include "version.h"
25 #include "tag.h"
26 #include "gpg-interface.h"
27 #include "sigchain.h"
28 #include "fsck.h"
29 #include "tmp-objdir.h"
30 #include "oidset.h"
31 #include "packfile.h"
32 #include "object-name.h"
33 #include "object-store.h"
34 #include "protocol.h"
35 #include "commit-reach.h"
36 #include "trace.h"
37 #include "trace2.h"
38 #include "worktree.h"
39 #include "shallow.h"
40 #include "wrapper.h"
41
42 static const char * const receive_pack_usage[] = {
43 N_("git receive-pack <git-dir>"),
44 NULL
45 };
46
47 enum deny_action {
48 DENY_UNCONFIGURED,
49 DENY_IGNORE,
50 DENY_WARN,
51 DENY_REFUSE,
52 DENY_UPDATE_INSTEAD
53 };
54
55 static int deny_deletes;
56 static int deny_non_fast_forwards;
57 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
58 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
59 static int receive_fsck_objects = -1;
60 static int transfer_fsck_objects = -1;
61 static struct strbuf fsck_msg_types = STRBUF_INIT;
62 static int receive_unpack_limit = -1;
63 static int transfer_unpack_limit = -1;
64 static int advertise_atomic_push = 1;
65 static int advertise_push_options;
66 static int advertise_sid;
67 static int unpack_limit = 100;
68 static off_t max_input_size;
69 static int report_status;
70 static int report_status_v2;
71 static int use_sideband;
72 static int use_atomic;
73 static int use_push_options;
74 static int quiet;
75 static int prefer_ofs_delta = 1;
76 static int auto_update_server_info;
77 static int auto_gc = 1;
78 static int reject_thin;
79 static int stateless_rpc;
80 static const char *service_dir;
81 static const char *head_name;
82 static void *head_name_to_free;
83 static int sent_capabilities;
84 static int shallow_update;
85 static const char *alt_shallow_file;
86 static struct strbuf push_cert = STRBUF_INIT;
87 static struct object_id push_cert_oid;
88 static struct signature_check sigcheck;
89 static const char *push_cert_nonce;
90 static const char *cert_nonce_seed;
91 static struct string_list hidden_refs = STRING_LIST_INIT_DUP;
92
93 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
94 static const char *NONCE_BAD = "BAD";
95 static const char *NONCE_MISSING = "MISSING";
96 static const char *NONCE_OK = "OK";
97 static const char *NONCE_SLOP = "SLOP";
98 static const char *nonce_status;
99 static long nonce_stamp_slop;
100 static timestamp_t nonce_stamp_slop_limit;
101 static struct ref_transaction *transaction;
102
103 static enum {
104 KEEPALIVE_NEVER = 0,
105 KEEPALIVE_AFTER_NUL,
106 KEEPALIVE_ALWAYS
107 } use_keepalive;
108 static int keepalive_in_sec = 5;
109
110 static struct tmp_objdir *tmp_objdir;
111
112 static struct proc_receive_ref {
113 unsigned int want_add:1,
114 want_delete:1,
115 want_modify:1,
116 negative_ref:1;
117 char *ref_prefix;
118 struct proc_receive_ref *next;
119 } *proc_receive_ref;
120
121 static void proc_receive_ref_append(const char *prefix);
122
123 static enum deny_action parse_deny_action(const char *var, const char *value)
124 {
125 if (value) {
126 if (!strcasecmp(value, "ignore"))
127 return DENY_IGNORE;
128 if (!strcasecmp(value, "warn"))
129 return DENY_WARN;
130 if (!strcasecmp(value, "refuse"))
131 return DENY_REFUSE;
132 if (!strcasecmp(value, "updateinstead"))
133 return DENY_UPDATE_INSTEAD;
134 }
135 if (git_config_bool(var, value))
136 return DENY_REFUSE;
137 return DENY_IGNORE;
138 }
139
140 static int receive_pack_config(const char *var, const char *value, void *cb)
141 {
142 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs);
143
144 if (status)
145 return status;
146
147 if (strcmp(var, "receive.denydeletes") == 0) {
148 deny_deletes = git_config_bool(var, value);
149 return 0;
150 }
151
152 if (strcmp(var, "receive.denynonfastforwards") == 0) {
153 deny_non_fast_forwards = git_config_bool(var, value);
154 return 0;
155 }
156
157 if (strcmp(var, "receive.unpacklimit") == 0) {
158 receive_unpack_limit = git_config_int(var, value);
159 return 0;
160 }
161
162 if (strcmp(var, "transfer.unpacklimit") == 0) {
163 transfer_unpack_limit = git_config_int(var, value);
164 return 0;
165 }
166
167 if (strcmp(var, "receive.fsck.skiplist") == 0) {
168 const char *path;
169
170 if (git_config_pathname(&path, var, value))
171 return 1;
172 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
173 fsck_msg_types.len ? ',' : '=', path);
174 free((char *)path);
175 return 0;
176 }
177
178 if (skip_prefix(var, "receive.fsck.", &var)) {
179 if (is_valid_msg_type(var, value))
180 strbuf_addf(&fsck_msg_types, "%c%s=%s",
181 fsck_msg_types.len ? ',' : '=', var, value);
182 else
183 warning("skipping unknown msg id '%s'", var);
184 return 0;
185 }
186
187 if (strcmp(var, "receive.fsckobjects") == 0) {
188 receive_fsck_objects = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "transfer.fsckobjects") == 0) {
193 transfer_fsck_objects = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (!strcmp(var, "receive.denycurrentbranch")) {
198 deny_current_branch = parse_deny_action(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "receive.denydeletecurrent") == 0) {
203 deny_delete_current = parse_deny_action(var, value);
204 return 0;
205 }
206
207 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
208 prefer_ofs_delta = git_config_bool(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "receive.updateserverinfo") == 0) {
213 auto_update_server_info = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.autogc") == 0) {
218 auto_gc = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.shallowupdate") == 0) {
223 shallow_update = git_config_bool(var, value);
224 return 0;
225 }
226
227 if (strcmp(var, "receive.certnonceseed") == 0)
228 return git_config_string(&cert_nonce_seed, var, value);
229
230 if (strcmp(var, "receive.certnonceslop") == 0) {
231 nonce_stamp_slop_limit = git_config_ulong(var, value);
232 return 0;
233 }
234
235 if (strcmp(var, "receive.advertiseatomic") == 0) {
236 advertise_atomic_push = git_config_bool(var, value);
237 return 0;
238 }
239
240 if (strcmp(var, "receive.advertisepushoptions") == 0) {
241 advertise_push_options = git_config_bool(var, value);
242 return 0;
243 }
244
245 if (strcmp(var, "receive.keepalive") == 0) {
246 keepalive_in_sec = git_config_int(var, value);
247 return 0;
248 }
249
250 if (strcmp(var, "receive.maxinputsize") == 0) {
251 max_input_size = git_config_int64(var, value);
252 return 0;
253 }
254
255 if (strcmp(var, "receive.procreceiverefs") == 0) {
256 if (!value)
257 return config_error_nonbool(var);
258 proc_receive_ref_append(value);
259 return 0;
260 }
261
262 if (strcmp(var, "transfer.advertisesid") == 0) {
263 advertise_sid = git_config_bool(var, value);
264 return 0;
265 }
266
267 return git_default_config(var, value, cb);
268 }
269
270 static void show_ref(const char *path, const struct object_id *oid)
271 {
272 if (sent_capabilities) {
273 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
274 } else {
275 struct strbuf cap = STRBUF_INIT;
276
277 strbuf_addstr(&cap,
278 "report-status report-status-v2 delete-refs side-band-64k quiet");
279 if (advertise_atomic_push)
280 strbuf_addstr(&cap, " atomic");
281 if (prefer_ofs_delta)
282 strbuf_addstr(&cap, " ofs-delta");
283 if (push_cert_nonce)
284 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
285 if (advertise_push_options)
286 strbuf_addstr(&cap, " push-options");
287 if (advertise_sid)
288 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
289 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
290 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
291 packet_write_fmt(1, "%s %s%c%s\n",
292 oid_to_hex(oid), path, 0, cap.buf);
293 strbuf_release(&cap);
294 sent_capabilities = 1;
295 }
296 }
297
298 static int show_ref_cb(const char *path_full, const struct object_id *oid,
299 int flag UNUSED, void *data)
300 {
301 struct oidset *seen = data;
302 const char *path = strip_namespace(path_full);
303
304 if (ref_is_hidden(path, path_full, &hidden_refs))
305 return 0;
306
307 /*
308 * Advertise refs outside our current namespace as ".have"
309 * refs, so that the client can use them to minimize data
310 * transfer but will otherwise ignore them.
311 */
312 if (!path) {
313 if (oidset_insert(seen, oid))
314 return 0;
315 path = ".have";
316 } else {
317 oidset_insert(seen, oid);
318 }
319 show_ref(path, oid);
320 return 0;
321 }
322
323 static void show_one_alternate_ref(const struct object_id *oid,
324 void *data)
325 {
326 struct oidset *seen = data;
327
328 if (oidset_insert(seen, oid))
329 return;
330
331 show_ref(".have", oid);
332 }
333
334 static void write_head_info(void)
335 {
336 static struct oidset seen = OIDSET_INIT;
337
338 for_each_ref(show_ref_cb, &seen);
339 for_each_alternate_ref(show_one_alternate_ref, &seen);
340 oidset_clear(&seen);
341 if (!sent_capabilities)
342 show_ref("capabilities^{}", null_oid());
343
344 advertise_shallow_grafts(1);
345
346 /* EOF */
347 packet_flush(1);
348 }
349
350 #define RUN_PROC_RECEIVE_SCHEDULED 1
351 #define RUN_PROC_RECEIVE_RETURNED 2
352 struct command {
353 struct command *next;
354 const char *error_string;
355 struct ref_push_report *report;
356 unsigned int skip_update:1,
357 did_not_exist:1,
358 run_proc_receive:2;
359 int index;
360 struct object_id old_oid;
361 struct object_id new_oid;
362 char ref_name[FLEX_ARRAY]; /* more */
363 };
364
365 static void proc_receive_ref_append(const char *prefix)
366 {
367 struct proc_receive_ref *ref_pattern;
368 char *p;
369 int len;
370
371 CALLOC_ARRAY(ref_pattern, 1);
372 p = strchr(prefix, ':');
373 if (p) {
374 while (prefix < p) {
375 if (*prefix == 'a')
376 ref_pattern->want_add = 1;
377 else if (*prefix == 'd')
378 ref_pattern->want_delete = 1;
379 else if (*prefix == 'm')
380 ref_pattern->want_modify = 1;
381 else if (*prefix == '!')
382 ref_pattern->negative_ref = 1;
383 prefix++;
384 }
385 prefix++;
386 } else {
387 ref_pattern->want_add = 1;
388 ref_pattern->want_delete = 1;
389 ref_pattern->want_modify = 1;
390 }
391 len = strlen(prefix);
392 while (len && prefix[len - 1] == '/')
393 len--;
394 ref_pattern->ref_prefix = xmemdupz(prefix, len);
395 if (!proc_receive_ref) {
396 proc_receive_ref = ref_pattern;
397 } else {
398 struct proc_receive_ref *end;
399
400 end = proc_receive_ref;
401 while (end->next)
402 end = end->next;
403 end->next = ref_pattern;
404 }
405 }
406
407 static int proc_receive_ref_matches(struct command *cmd)
408 {
409 struct proc_receive_ref *p;
410
411 if (!proc_receive_ref)
412 return 0;
413
414 for (p = proc_receive_ref; p; p = p->next) {
415 const char *match = p->ref_prefix;
416 const char *remains;
417
418 if (!p->want_add && is_null_oid(&cmd->old_oid))
419 continue;
420 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
421 continue;
422 else if (!p->want_modify &&
423 !is_null_oid(&cmd->old_oid) &&
424 !is_null_oid(&cmd->new_oid))
425 continue;
426
427 if (skip_prefix(cmd->ref_name, match, &remains) &&
428 (!*remains || *remains == '/')) {
429 if (!p->negative_ref)
430 return 1;
431 } else if (p->negative_ref) {
432 return 1;
433 }
434 }
435 return 0;
436 }
437
438 static void report_message(const char *prefix, const char *err, va_list params)
439 {
440 int sz;
441 char msg[4096];
442
443 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
444 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
445 if (sz > (sizeof(msg) - 1))
446 sz = sizeof(msg) - 1;
447 msg[sz++] = '\n';
448
449 if (use_sideband)
450 send_sideband(1, 2, msg, sz, use_sideband);
451 else
452 xwrite(2, msg, sz);
453 }
454
455 __attribute__((format (printf, 1, 2)))
456 static void rp_warning(const char *err, ...)
457 {
458 va_list params;
459 va_start(params, err);
460 report_message("warning: ", err, params);
461 va_end(params);
462 }
463
464 __attribute__((format (printf, 1, 2)))
465 static void rp_error(const char *err, ...)
466 {
467 va_list params;
468 va_start(params, err);
469 report_message("error: ", err, params);
470 va_end(params);
471 }
472
473 static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
474 {
475 char data[128];
476 int keepalive_active = 0;
477
478 if (keepalive_in_sec <= 0)
479 use_keepalive = KEEPALIVE_NEVER;
480 if (use_keepalive == KEEPALIVE_ALWAYS)
481 keepalive_active = 1;
482
483 while (1) {
484 ssize_t sz;
485
486 if (keepalive_active) {
487 struct pollfd pfd;
488 int ret;
489
490 pfd.fd = in;
491 pfd.events = POLLIN;
492 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
493
494 if (ret < 0) {
495 if (errno == EINTR)
496 continue;
497 else
498 break;
499 } else if (ret == 0) {
500 /* no data; send a keepalive packet */
501 static const char buf[] = "0005\1";
502 write_or_die(1, buf, sizeof(buf) - 1);
503 continue;
504 } /* else there is actual data to read */
505 }
506
507 sz = xread(in, data, sizeof(data));
508 if (sz <= 0)
509 break;
510
511 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
512 const char *p = memchr(data, '\0', sz);
513 if (p) {
514 /*
515 * The NUL tells us to start sending keepalives. Make
516 * sure we send any other data we read along
517 * with it.
518 */
519 keepalive_active = 1;
520 send_sideband(1, 2, data, p - data, use_sideband);
521 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
522 continue;
523 }
524 }
525
526 /*
527 * Either we're not looking for a NUL signal, or we didn't see
528 * it yet; just pass along the data.
529 */
530 send_sideband(1, 2, data, sz, use_sideband);
531 }
532 close(in);
533 return 0;
534 }
535
536 static void hmac_hash(unsigned char *out,
537 const char *key_in, size_t key_len,
538 const char *text, size_t text_len)
539 {
540 unsigned char key[GIT_MAX_BLKSZ];
541 unsigned char k_ipad[GIT_MAX_BLKSZ];
542 unsigned char k_opad[GIT_MAX_BLKSZ];
543 int i;
544 git_hash_ctx ctx;
545
546 /* RFC 2104 2. (1) */
547 memset(key, '\0', GIT_MAX_BLKSZ);
548 if (the_hash_algo->blksz < key_len) {
549 the_hash_algo->init_fn(&ctx);
550 the_hash_algo->update_fn(&ctx, key_in, key_len);
551 the_hash_algo->final_fn(key, &ctx);
552 } else {
553 memcpy(key, key_in, key_len);
554 }
555
556 /* RFC 2104 2. (2) & (5) */
557 for (i = 0; i < sizeof(key); i++) {
558 k_ipad[i] = key[i] ^ 0x36;
559 k_opad[i] = key[i] ^ 0x5c;
560 }
561
562 /* RFC 2104 2. (3) & (4) */
563 the_hash_algo->init_fn(&ctx);
564 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
565 the_hash_algo->update_fn(&ctx, text, text_len);
566 the_hash_algo->final_fn(out, &ctx);
567
568 /* RFC 2104 2. (6) & (7) */
569 the_hash_algo->init_fn(&ctx);
570 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
571 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
572 the_hash_algo->final_fn(out, &ctx);
573 }
574
575 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
576 {
577 struct strbuf buf = STRBUF_INIT;
578 unsigned char hash[GIT_MAX_RAWSZ];
579
580 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
581 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
582 strbuf_release(&buf);
583
584 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
585 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
586 return strbuf_detach(&buf, NULL);
587 }
588
589 static char *find_header(const char *msg, size_t len, const char *key,
590 const char **next_line)
591 {
592 size_t out_len;
593 const char *val = find_header_mem(msg, len, key, &out_len);
594
595 if (!val)
596 return NULL;
597
598 if (next_line)
599 *next_line = val + out_len + 1;
600
601 return xmemdupz(val, out_len);
602 }
603
604 /*
605 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
606 * This operation is guaranteed to run in constant time to avoid leaking data.
607 */
608 static int constant_memequal(const char *a, const char *b, size_t n)
609 {
610 int res = 0;
611 size_t i;
612
613 for (i = 0; i < n; i++)
614 res |= a[i] ^ b[i];
615 return res;
616 }
617
618 static const char *check_nonce(const char *buf, size_t len)
619 {
620 char *nonce = find_header(buf, len, "nonce", NULL);
621 timestamp_t stamp, ostamp;
622 char *bohmac, *expect = NULL;
623 const char *retval = NONCE_BAD;
624 size_t noncelen;
625
626 if (!nonce) {
627 retval = NONCE_MISSING;
628 goto leave;
629 } else if (!push_cert_nonce) {
630 retval = NONCE_UNSOLICITED;
631 goto leave;
632 } else if (!strcmp(push_cert_nonce, nonce)) {
633 retval = NONCE_OK;
634 goto leave;
635 }
636
637 if (!stateless_rpc) {
638 /* returned nonce MUST match what we gave out earlier */
639 retval = NONCE_BAD;
640 goto leave;
641 }
642
643 /*
644 * In stateless mode, we may be receiving a nonce issued by
645 * another instance of the server that serving the same
646 * repository, and the timestamps may not match, but the
647 * nonce-seed and dir should match, so we can recompute and
648 * report the time slop.
649 *
650 * In addition, when a nonce issued by another instance has
651 * timestamp within receive.certnonceslop seconds, we pretend
652 * as if we issued that nonce when reporting to the hook.
653 */
654
655 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
656 if (*nonce <= '0' || '9' < *nonce) {
657 retval = NONCE_BAD;
658 goto leave;
659 }
660 stamp = parse_timestamp(nonce, &bohmac, 10);
661 if (bohmac == nonce || bohmac[0] != '-') {
662 retval = NONCE_BAD;
663 goto leave;
664 }
665
666 noncelen = strlen(nonce);
667 expect = prepare_push_cert_nonce(service_dir, stamp);
668 if (noncelen != strlen(expect)) {
669 /* This is not even the right size. */
670 retval = NONCE_BAD;
671 goto leave;
672 }
673 if (constant_memequal(expect, nonce, noncelen)) {
674 /* Not what we would have signed earlier */
675 retval = NONCE_BAD;
676 goto leave;
677 }
678
679 /*
680 * By how many seconds is this nonce stale? Negative value
681 * would mean it was issued by another server with its clock
682 * skewed in the future.
683 */
684 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
685 nonce_stamp_slop = (long)ostamp - (long)stamp;
686
687 if (nonce_stamp_slop_limit &&
688 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
689 /*
690 * Pretend as if the received nonce (which passes the
691 * HMAC check, so it is not a forged by third-party)
692 * is what we issued.
693 */
694 free((void *)push_cert_nonce);
695 push_cert_nonce = xstrdup(nonce);
696 retval = NONCE_OK;
697 } else {
698 retval = NONCE_SLOP;
699 }
700
701 leave:
702 free(nonce);
703 free(expect);
704 return retval;
705 }
706
707 /*
708 * Return 1 if there is no push_cert or if the push options in push_cert are
709 * the same as those in the argument; 0 otherwise.
710 */
711 static int check_cert_push_options(const struct string_list *push_options)
712 {
713 const char *buf = push_cert.buf;
714 int len = push_cert.len;
715
716 char *option;
717 const char *next_line;
718 int options_seen = 0;
719
720 int retval = 1;
721
722 if (!len)
723 return 1;
724
725 while ((option = find_header(buf, len, "push-option", &next_line))) {
726 len -= (next_line - buf);
727 buf = next_line;
728 options_seen++;
729 if (options_seen > push_options->nr
730 || strcmp(option,
731 push_options->items[options_seen - 1].string)) {
732 retval = 0;
733 goto leave;
734 }
735 free(option);
736 }
737
738 if (options_seen != push_options->nr)
739 retval = 0;
740
741 leave:
742 free(option);
743 return retval;
744 }
745
746 static void prepare_push_cert_sha1(struct child_process *proc)
747 {
748 static int already_done;
749
750 if (!push_cert.len)
751 return;
752
753 if (!already_done) {
754 int bogs /* beginning_of_gpg_sig */;
755
756 already_done = 1;
757 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
758 &push_cert_oid))
759 oidclr(&push_cert_oid);
760
761 memset(&sigcheck, '\0', sizeof(sigcheck));
762
763 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
764 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
765 sigcheck.payload_len = bogs;
766 check_signature(&sigcheck, push_cert.buf + bogs,
767 push_cert.len - bogs);
768
769 nonce_status = check_nonce(push_cert.buf, bogs);
770 }
771 if (!is_null_oid(&push_cert_oid)) {
772 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
773 oid_to_hex(&push_cert_oid));
774 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
775 sigcheck.signer ? sigcheck.signer : "");
776 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s",
777 sigcheck.key ? sigcheck.key : "");
778 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c",
779 sigcheck.result);
780 if (push_cert_nonce) {
781 strvec_pushf(&proc->env,
782 "GIT_PUSH_CERT_NONCE=%s",
783 push_cert_nonce);
784 strvec_pushf(&proc->env,
785 "GIT_PUSH_CERT_NONCE_STATUS=%s",
786 nonce_status);
787 if (nonce_status == NONCE_SLOP)
788 strvec_pushf(&proc->env,
789 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
790 nonce_stamp_slop);
791 }
792 }
793 }
794
795 struct receive_hook_feed_state {
796 struct command *cmd;
797 struct ref_push_report *report;
798 int skip_broken;
799 struct strbuf buf;
800 const struct string_list *push_options;
801 };
802
803 typedef int (*feed_fn)(void *, const char **, size_t *);
804 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
805 struct receive_hook_feed_state *feed_state)
806 {
807 struct child_process proc = CHILD_PROCESS_INIT;
808 struct async muxer;
809 int code;
810 const char *hook_path = find_hook(hook_name);
811
812 if (!hook_path)
813 return 0;
814
815 strvec_push(&proc.args, hook_path);
816 proc.in = -1;
817 proc.stdout_to_stderr = 1;
818 proc.trace2_hook_name = hook_name;
819
820 if (feed_state->push_options) {
821 size_t i;
822 for (i = 0; i < feed_state->push_options->nr; i++)
823 strvec_pushf(&proc.env,
824 "GIT_PUSH_OPTION_%"PRIuMAX"=%s",
825 (uintmax_t)i,
826 feed_state->push_options->items[i].string);
827 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"",
828 (uintmax_t)feed_state->push_options->nr);
829 } else
830 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT");
831
832 if (tmp_objdir)
833 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir));
834
835 if (use_sideband) {
836 memset(&muxer, 0, sizeof(muxer));
837 muxer.proc = copy_to_sideband;
838 muxer.in = -1;
839 code = start_async(&muxer);
840 if (code)
841 return code;
842 proc.err = muxer.in;
843 }
844
845 prepare_push_cert_sha1(&proc);
846
847 code = start_command(&proc);
848 if (code) {
849 if (use_sideband)
850 finish_async(&muxer);
851 return code;
852 }
853
854 sigchain_push(SIGPIPE, SIG_IGN);
855
856 while (1) {
857 const char *buf;
858 size_t n;
859 if (feed(feed_state, &buf, &n))
860 break;
861 if (write_in_full(proc.in, buf, n) < 0)
862 break;
863 }
864 close(proc.in);
865 if (use_sideband)
866 finish_async(&muxer);
867
868 sigchain_pop(SIGPIPE);
869
870 return finish_command(&proc);
871 }
872
873 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
874 {
875 struct receive_hook_feed_state *state = state_;
876 struct command *cmd = state->cmd;
877
878 while (cmd &&
879 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
880 cmd = cmd->next;
881 if (!cmd)
882 return -1; /* EOF */
883 if (!bufp)
884 return 0; /* OK, can feed something. */
885 strbuf_reset(&state->buf);
886 if (!state->report)
887 state->report = cmd->report;
888 if (state->report) {
889 struct object_id *old_oid;
890 struct object_id *new_oid;
891 const char *ref_name;
892
893 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
894 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
895 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
896 strbuf_addf(&state->buf, "%s %s %s\n",
897 oid_to_hex(old_oid), oid_to_hex(new_oid),
898 ref_name);
899 state->report = state->report->next;
900 if (!state->report)
901 state->cmd = cmd->next;
902 } else {
903 strbuf_addf(&state->buf, "%s %s %s\n",
904 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
905 cmd->ref_name);
906 state->cmd = cmd->next;
907 }
908 if (bufp) {
909 *bufp = state->buf.buf;
910 *sizep = state->buf.len;
911 }
912 return 0;
913 }
914
915 static int run_receive_hook(struct command *commands,
916 const char *hook_name,
917 int skip_broken,
918 const struct string_list *push_options)
919 {
920 struct receive_hook_feed_state state;
921 int status;
922
923 strbuf_init(&state.buf, 0);
924 state.cmd = commands;
925 state.skip_broken = skip_broken;
926 state.report = NULL;
927 if (feed_receive_hook(&state, NULL, NULL))
928 return 0;
929 state.cmd = commands;
930 state.push_options = push_options;
931 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
932 strbuf_release(&state.buf);
933 return status;
934 }
935
936 static int run_update_hook(struct command *cmd)
937 {
938 struct child_process proc = CHILD_PROCESS_INIT;
939 int code;
940 const char *hook_path = find_hook("update");
941
942 if (!hook_path)
943 return 0;
944
945 strvec_push(&proc.args, hook_path);
946 strvec_push(&proc.args, cmd->ref_name);
947 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
948 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
949
950 proc.no_stdin = 1;
951 proc.stdout_to_stderr = 1;
952 proc.err = use_sideband ? -1 : 0;
953 proc.trace2_hook_name = "update";
954
955 code = start_command(&proc);
956 if (code)
957 return code;
958 if (use_sideband)
959 copy_to_sideband(proc.err, -1, NULL);
960 return finish_command(&proc);
961 }
962
963 static struct command *find_command_by_refname(struct command *list,
964 const char *refname)
965 {
966 for (; list; list = list->next)
967 if (!strcmp(list->ref_name, refname))
968 return list;
969 return NULL;
970 }
971
972 static int read_proc_receive_report(struct packet_reader *reader,
973 struct command *commands,
974 struct strbuf *errmsg)
975 {
976 struct command *cmd;
977 struct command *hint = NULL;
978 struct ref_push_report *report = NULL;
979 int new_report = 0;
980 int code = 0;
981 int once = 0;
982 int response = 0;
983
984 for (;;) {
985 struct object_id old_oid, new_oid;
986 const char *head;
987 const char *refname;
988 char *p;
989 enum packet_read_status status;
990
991 status = packet_reader_read(reader);
992 if (status != PACKET_READ_NORMAL) {
993 /* Check whether proc-receive exited abnormally */
994 if (status == PACKET_READ_EOF && !response) {
995 strbuf_addstr(errmsg, "proc-receive exited abnormally");
996 return -1;
997 }
998 break;
999 }
1000 response++;
1001
1002 head = reader->line;
1003 p = strchr(head, ' ');
1004 if (!p) {
1005 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1006 code = -1;
1007 continue;
1008 }
1009 *p++ = '\0';
1010 if (!strcmp(head, "option")) {
1011 const char *key, *val;
1012
1013 if (!hint || !(report || new_report)) {
1014 if (!once++)
1015 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1016 code = -1;
1017 continue;
1018 }
1019 if (new_report) {
1020 if (!hint->report) {
1021 CALLOC_ARRAY(hint->report, 1);
1022 report = hint->report;
1023 } else {
1024 report = hint->report;
1025 while (report->next)
1026 report = report->next;
1027 report->next = xcalloc(1, sizeof(struct ref_push_report));
1028 report = report->next;
1029 }
1030 new_report = 0;
1031 }
1032 key = p;
1033 p = strchr(key, ' ');
1034 if (p)
1035 *p++ = '\0';
1036 val = p;
1037 if (!strcmp(key, "refname"))
1038 report->ref_name = xstrdup_or_null(val);
1039 else if (!strcmp(key, "old-oid") && val &&
1040 !parse_oid_hex(val, &old_oid, &val))
1041 report->old_oid = oiddup(&old_oid);
1042 else if (!strcmp(key, "new-oid") && val &&
1043 !parse_oid_hex(val, &new_oid, &val))
1044 report->new_oid = oiddup(&new_oid);
1045 else if (!strcmp(key, "forced-update"))
1046 report->forced_update = 1;
1047 else if (!strcmp(key, "fall-through"))
1048 /* Fall through, let 'receive-pack' to execute it. */
1049 hint->run_proc_receive = 0;
1050 continue;
1051 }
1052
1053 report = NULL;
1054 new_report = 0;
1055 refname = p;
1056 p = strchr(refname, ' ');
1057 if (p)
1058 *p++ = '\0';
1059 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1060 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1061 head, refname);
1062 code = -1;
1063 continue;
1064 }
1065
1066 /* first try searching at our hint, falling back to all refs */
1067 if (hint)
1068 hint = find_command_by_refname(hint, refname);
1069 if (!hint)
1070 hint = find_command_by_refname(commands, refname);
1071 if (!hint) {
1072 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1073 refname);
1074 code = -1;
1075 continue;
1076 }
1077 if (!hint->run_proc_receive) {
1078 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1079 refname);
1080 code = -1;
1081 continue;
1082 }
1083 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1084 if (!strcmp(head, "ng")) {
1085 if (p)
1086 hint->error_string = xstrdup(p);
1087 else
1088 hint->error_string = "failed";
1089 code = -1;
1090 continue;
1091 }
1092 new_report = 1;
1093 }
1094
1095 for (cmd = commands; cmd; cmd = cmd->next)
1096 if (cmd->run_proc_receive && !cmd->error_string &&
1097 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1098 cmd->error_string = "proc-receive failed to report status";
1099 code = -1;
1100 }
1101 return code;
1102 }
1103
1104 static int run_proc_receive_hook(struct command *commands,
1105 const struct string_list *push_options)
1106 {
1107 struct child_process proc = CHILD_PROCESS_INIT;
1108 struct async muxer;
1109 struct command *cmd;
1110 struct packet_reader reader;
1111 struct strbuf cap = STRBUF_INIT;
1112 struct strbuf errmsg = STRBUF_INIT;
1113 int hook_use_push_options = 0;
1114 int version = 0;
1115 int code;
1116 const char *hook_path = find_hook("proc-receive");
1117
1118 if (!hook_path) {
1119 rp_error("cannot find hook 'proc-receive'");
1120 return -1;
1121 }
1122
1123 strvec_push(&proc.args, hook_path);
1124 proc.in = -1;
1125 proc.out = -1;
1126 proc.trace2_hook_name = "proc-receive";
1127
1128 if (use_sideband) {
1129 memset(&muxer, 0, sizeof(muxer));
1130 muxer.proc = copy_to_sideband;
1131 muxer.in = -1;
1132 code = start_async(&muxer);
1133 if (code)
1134 return code;
1135 proc.err = muxer.in;
1136 } else {
1137 proc.err = 0;
1138 }
1139
1140 code = start_command(&proc);
1141 if (code) {
1142 if (use_sideband)
1143 finish_async(&muxer);
1144 return code;
1145 }
1146
1147 sigchain_push(SIGPIPE, SIG_IGN);
1148
1149 /* Version negotiaton */
1150 packet_reader_init(&reader, proc.out, NULL, 0,
1151 PACKET_READ_CHOMP_NEWLINE |
1152 PACKET_READ_GENTLE_ON_EOF);
1153 if (use_atomic)
1154 strbuf_addstr(&cap, " atomic");
1155 if (use_push_options)
1156 strbuf_addstr(&cap, " push-options");
1157 if (cap.len) {
1158 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1159 strbuf_release(&cap);
1160 } else {
1161 code = packet_write_fmt_gently(proc.in, "version=1\n");
1162 }
1163 if (!code)
1164 code = packet_flush_gently(proc.in);
1165
1166 if (!code)
1167 for (;;) {
1168 int linelen;
1169 enum packet_read_status status;
1170
1171 status = packet_reader_read(&reader);
1172 if (status != PACKET_READ_NORMAL) {
1173 /* Check whether proc-receive exited abnormally */
1174 if (status == PACKET_READ_EOF)
1175 code = -1;
1176 break;
1177 }
1178
1179 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1180 version = atoi(reader.line + 8);
1181 linelen = strlen(reader.line);
1182 if (linelen < reader.pktlen) {
1183 const char *feature_list = reader.line + linelen + 1;
1184 if (parse_feature_request(feature_list, "push-options"))
1185 hook_use_push_options = 1;
1186 }
1187 }
1188 }
1189
1190 if (code) {
1191 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1192 goto cleanup;
1193 }
1194
1195 switch (version) {
1196 case 0:
1197 /* fallthrough */
1198 case 1:
1199 break;
1200 default:
1201 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1202 version);
1203 code = -1;
1204 goto cleanup;
1205 }
1206
1207 /* Send commands */
1208 for (cmd = commands; cmd; cmd = cmd->next) {
1209 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1210 continue;
1211 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1212 oid_to_hex(&cmd->old_oid),
1213 oid_to_hex(&cmd->new_oid),
1214 cmd->ref_name);
1215 if (code)
1216 break;
1217 }
1218 if (!code)
1219 code = packet_flush_gently(proc.in);
1220 if (code) {
1221 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1222 goto cleanup;
1223 }
1224
1225 /* Send push options */
1226 if (hook_use_push_options) {
1227 struct string_list_item *item;
1228
1229 for_each_string_list_item(item, push_options) {
1230 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1231 if (code)
1232 break;
1233 }
1234 if (!code)
1235 code = packet_flush_gently(proc.in);
1236 if (code) {
1237 strbuf_addstr(&errmsg,
1238 "fail to write push-options to proc-receive hook");
1239 goto cleanup;
1240 }
1241 }
1242
1243 /* Read result from proc-receive */
1244 code = read_proc_receive_report(&reader, commands, &errmsg);
1245
1246 cleanup:
1247 close(proc.in);
1248 close(proc.out);
1249 if (use_sideband)
1250 finish_async(&muxer);
1251 if (finish_command(&proc))
1252 code = -1;
1253 if (errmsg.len >0) {
1254 char *p = errmsg.buf;
1255
1256 p += errmsg.len - 1;
1257 if (*p == '\n')
1258 *p = '\0';
1259 rp_error("%s", errmsg.buf);
1260 strbuf_release(&errmsg);
1261 }
1262 sigchain_pop(SIGPIPE);
1263
1264 return code;
1265 }
1266
1267 static char *refuse_unconfigured_deny_msg =
1268 N_("By default, updating the current branch in a non-bare repository\n"
1269 "is denied, because it will make the index and work tree inconsistent\n"
1270 "with what you pushed, and will require 'git reset --hard' to match\n"
1271 "the work tree to HEAD.\n"
1272 "\n"
1273 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1274 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1275 "its current branch; however, this is not recommended unless you\n"
1276 "arranged to update its work tree to match what you pushed in some\n"
1277 "other way.\n"
1278 "\n"
1279 "To squelch this message and still keep the default behaviour, set\n"
1280 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1281
1282 static void refuse_unconfigured_deny(void)
1283 {
1284 rp_error("%s", _(refuse_unconfigured_deny_msg));
1285 }
1286
1287 static char *refuse_unconfigured_deny_delete_current_msg =
1288 N_("By default, deleting the current branch is denied, because the next\n"
1289 "'git clone' won't result in any file checked out, causing confusion.\n"
1290 "\n"
1291 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1292 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1293 "current branch, with or without a warning message.\n"
1294 "\n"
1295 "To squelch this message, you can set it to 'refuse'.");
1296
1297 static void refuse_unconfigured_deny_delete_current(void)
1298 {
1299 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1300 }
1301
1302 static const struct object_id *command_singleton_iterator(void *cb_data);
1303 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1304 {
1305 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1306 struct oid_array extra = OID_ARRAY_INIT;
1307 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1308 uint32_t mask = 1 << (cmd->index % 32);
1309 int i;
1310
1311 trace_printf_key(&trace_shallow,
1312 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1313 for (i = 0; i < si->shallow->nr; i++)
1314 if (si->used_shallow[i] &&
1315 (si->used_shallow[i][cmd->index / 32] & mask) &&
1316 !delayed_reachability_test(si, i))
1317 oid_array_append(&extra, &si->shallow->oid[i]);
1318
1319 opt.env = tmp_objdir_env(tmp_objdir);
1320 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1321 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1322 rollback_shallow_file(the_repository, &shallow_lock);
1323 oid_array_clear(&extra);
1324 return -1;
1325 }
1326
1327 commit_shallow_file(the_repository, &shallow_lock);
1328
1329 /*
1330 * Make sure setup_alternate_shallow() for the next ref does
1331 * not lose these new roots..
1332 */
1333 for (i = 0; i < extra.nr; i++)
1334 register_shallow(the_repository, &extra.oid[i]);
1335
1336 si->shallow_ref[cmd->index] = 0;
1337 oid_array_clear(&extra);
1338 return 0;
1339 }
1340
1341 /*
1342 * NEEDSWORK: we should consolidate various implementions of "are we
1343 * on an unborn branch?" test into one, and make the unified one more
1344 * robust. !get_sha1() based check used here and elsewhere would not
1345 * allow us to tell an unborn branch from corrupt ref, for example.
1346 * For the purpose of fixing "deploy-to-update does not work when
1347 * pushing into an empty repository" issue, this should suffice for
1348 * now.
1349 */
1350 static int head_has_history(void)
1351 {
1352 struct object_id oid;
1353
1354 return !repo_get_oid(the_repository, "HEAD", &oid);
1355 }
1356
1357 static const char *push_to_deploy(unsigned char *sha1,
1358 struct strvec *env,
1359 const char *work_tree)
1360 {
1361 struct child_process child = CHILD_PROCESS_INIT;
1362
1363 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1364 "--refresh", NULL);
1365 strvec_pushv(&child.env, env->v);
1366 child.dir = work_tree;
1367 child.no_stdin = 1;
1368 child.stdout_to_stderr = 1;
1369 child.git_cmd = 1;
1370 if (run_command(&child))
1371 return "Up-to-date check failed";
1372
1373 /* run_command() does not clean up completely; reinitialize */
1374 child_process_init(&child);
1375 strvec_pushl(&child.args, "diff-files", "--quiet",
1376 "--ignore-submodules", "--", NULL);
1377 strvec_pushv(&child.env, env->v);
1378 child.dir = work_tree;
1379 child.no_stdin = 1;
1380 child.stdout_to_stderr = 1;
1381 child.git_cmd = 1;
1382 if (run_command(&child))
1383 return "Working directory has unstaged changes";
1384
1385 child_process_init(&child);
1386 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1387 "--ignore-submodules",
1388 /* diff-index with either HEAD or an empty tree */
1389 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1390 "--", NULL);
1391 strvec_pushv(&child.env, env->v);
1392 child.no_stdin = 1;
1393 child.no_stdout = 1;
1394 child.stdout_to_stderr = 0;
1395 child.git_cmd = 1;
1396 if (run_command(&child))
1397 return "Working directory has staged changes";
1398
1399 child_process_init(&child);
1400 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1401 NULL);
1402 strvec_pushv(&child.env, env->v);
1403 child.dir = work_tree;
1404 child.no_stdin = 1;
1405 child.no_stdout = 1;
1406 child.stdout_to_stderr = 0;
1407 child.git_cmd = 1;
1408 if (run_command(&child))
1409 return "Could not update working tree to new HEAD";
1410
1411 return NULL;
1412 }
1413
1414 static const char *push_to_checkout_hook = "push-to-checkout";
1415
1416 static const char *push_to_checkout(unsigned char *hash,
1417 int *invoked_hook,
1418 struct strvec *env,
1419 const char *work_tree)
1420 {
1421 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1422 opt.invoked_hook = invoked_hook;
1423
1424 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1425 strvec_pushv(&opt.env, env->v);
1426 strvec_push(&opt.args, hash_to_hex(hash));
1427 if (run_hooks_opt(push_to_checkout_hook, &opt))
1428 return "push-to-checkout hook declined";
1429 else
1430 return NULL;
1431 }
1432
1433 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1434 {
1435 const char *retval, *git_dir;
1436 struct strvec env = STRVEC_INIT;
1437 int invoked_hook;
1438
1439 if (!worktree || !worktree->path)
1440 BUG("worktree->path must be non-NULL");
1441
1442 if (worktree->is_bare)
1443 return "denyCurrentBranch = updateInstead needs a worktree";
1444 git_dir = get_worktree_git_dir(worktree);
1445
1446 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1447
1448 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
1449 if (!invoked_hook)
1450 retval = push_to_deploy(sha1, &env, worktree->path);
1451
1452 strvec_clear(&env);
1453 return retval;
1454 }
1455
1456 static const char *update(struct command *cmd, struct shallow_info *si)
1457 {
1458 const char *name = cmd->ref_name;
1459 struct strbuf namespaced_name_buf = STRBUF_INIT;
1460 static char *namespaced_name;
1461 const char *ret;
1462 struct object_id *old_oid = &cmd->old_oid;
1463 struct object_id *new_oid = &cmd->new_oid;
1464 int do_update_worktree = 0;
1465 struct worktree **worktrees = get_worktrees();
1466 const struct worktree *worktree =
1467 find_shared_symref(worktrees, "HEAD", name);
1468
1469 /* only refs/... are allowed */
1470 if (!starts_with(name, "refs/") ||
1471 check_refname_format(name + 5, is_null_oid(new_oid) ?
1472 REFNAME_ALLOW_ONELEVEL : 0)) {
1473 rp_error("refusing to update funny ref '%s' remotely", name);
1474 ret = "funny refname";
1475 goto out;
1476 }
1477
1478 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1479 free(namespaced_name);
1480 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1481
1482 if (worktree && !worktree->is_bare) {
1483 switch (deny_current_branch) {
1484 case DENY_IGNORE:
1485 break;
1486 case DENY_WARN:
1487 rp_warning("updating the current branch");
1488 break;
1489 case DENY_REFUSE:
1490 case DENY_UNCONFIGURED:
1491 rp_error("refusing to update checked out branch: %s", name);
1492 if (deny_current_branch == DENY_UNCONFIGURED)
1493 refuse_unconfigured_deny();
1494 ret = "branch is currently checked out";
1495 goto out;
1496 case DENY_UPDATE_INSTEAD:
1497 /* pass -- let other checks intervene first */
1498 do_update_worktree = 1;
1499 break;
1500 }
1501 }
1502
1503 if (!is_null_oid(new_oid) && !repo_has_object_file(the_repository, new_oid)) {
1504 error("unpack should have generated %s, "
1505 "but I can't find it!", oid_to_hex(new_oid));
1506 ret = "bad pack";
1507 goto out;
1508 }
1509
1510 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1511 if (deny_deletes && starts_with(name, "refs/heads/")) {
1512 rp_error("denying ref deletion for %s", name);
1513 ret = "deletion prohibited";
1514 goto out;
1515 }
1516
1517 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1518 switch (deny_delete_current) {
1519 case DENY_IGNORE:
1520 break;
1521 case DENY_WARN:
1522 rp_warning("deleting the current branch");
1523 break;
1524 case DENY_REFUSE:
1525 case DENY_UNCONFIGURED:
1526 case DENY_UPDATE_INSTEAD:
1527 if (deny_delete_current == DENY_UNCONFIGURED)
1528 refuse_unconfigured_deny_delete_current();
1529 rp_error("refusing to delete the current branch: %s", name);
1530 ret = "deletion of the current branch prohibited";
1531 goto out;
1532 default:
1533 ret = "Invalid denyDeleteCurrent setting";
1534 goto out;
1535 }
1536 }
1537 }
1538
1539 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1540 !is_null_oid(old_oid) &&
1541 starts_with(name, "refs/heads/")) {
1542 struct object *old_object, *new_object;
1543 struct commit *old_commit, *new_commit;
1544
1545 old_object = parse_object(the_repository, old_oid);
1546 new_object = parse_object(the_repository, new_oid);
1547
1548 if (!old_object || !new_object ||
1549 old_object->type != OBJ_COMMIT ||
1550 new_object->type != OBJ_COMMIT) {
1551 error("bad sha1 objects for %s", name);
1552 ret = "bad ref";
1553 goto out;
1554 }
1555 old_commit = (struct commit *)old_object;
1556 new_commit = (struct commit *)new_object;
1557 if (!repo_in_merge_bases(the_repository, old_commit, new_commit)) {
1558 rp_error("denying non-fast-forward %s"
1559 " (you should pull first)", name);
1560 ret = "non-fast-forward";
1561 goto out;
1562 }
1563 }
1564 if (run_update_hook(cmd)) {
1565 rp_error("hook declined to update %s", name);
1566 ret = "hook declined";
1567 goto out;
1568 }
1569
1570 if (do_update_worktree) {
1571 ret = update_worktree(new_oid->hash, worktree);
1572 if (ret)
1573 goto out;
1574 }
1575
1576 if (is_null_oid(new_oid)) {
1577 struct strbuf err = STRBUF_INIT;
1578 if (!parse_object(the_repository, old_oid)) {
1579 old_oid = NULL;
1580 if (ref_exists(name)) {
1581 rp_warning("allowing deletion of corrupt ref");
1582 } else {
1583 rp_warning("deleting a non-existent ref");
1584 cmd->did_not_exist = 1;
1585 }
1586 }
1587 if (ref_transaction_delete(transaction,
1588 namespaced_name,
1589 old_oid,
1590 0, "push", &err)) {
1591 rp_error("%s", err.buf);
1592 ret = "failed to delete";
1593 } else {
1594 ret = NULL; /* good */
1595 }
1596 strbuf_release(&err);
1597 }
1598 else {
1599 struct strbuf err = STRBUF_INIT;
1600 if (shallow_update && si->shallow_ref[cmd->index] &&
1601 update_shallow_ref(cmd, si)) {
1602 ret = "shallow error";
1603 goto out;
1604 }
1605
1606 if (ref_transaction_update(transaction,
1607 namespaced_name,
1608 new_oid, old_oid,
1609 0, "push",
1610 &err)) {
1611 rp_error("%s", err.buf);
1612 ret = "failed to update ref";
1613 } else {
1614 ret = NULL; /* good */
1615 }
1616 strbuf_release(&err);
1617 }
1618
1619 out:
1620 free_worktrees(worktrees);
1621 return ret;
1622 }
1623
1624 static void run_update_post_hook(struct command *commands)
1625 {
1626 struct command *cmd;
1627 struct child_process proc = CHILD_PROCESS_INIT;
1628 const char *hook;
1629
1630 hook = find_hook("post-update");
1631 if (!hook)
1632 return;
1633
1634 for (cmd = commands; cmd; cmd = cmd->next) {
1635 if (cmd->error_string || cmd->did_not_exist)
1636 continue;
1637 if (!proc.args.nr)
1638 strvec_push(&proc.args, hook);
1639 strvec_push(&proc.args, cmd->ref_name);
1640 }
1641 if (!proc.args.nr)
1642 return;
1643
1644 proc.no_stdin = 1;
1645 proc.stdout_to_stderr = 1;
1646 proc.err = use_sideband ? -1 : 0;
1647 proc.trace2_hook_name = "post-update";
1648
1649 if (!start_command(&proc)) {
1650 if (use_sideband)
1651 copy_to_sideband(proc.err, -1, NULL);
1652 finish_command(&proc);
1653 }
1654 }
1655
1656 static void check_aliased_update_internal(struct command *cmd,
1657 struct string_list *list,
1658 const char *dst_name, int flag)
1659 {
1660 struct string_list_item *item;
1661 struct command *dst_cmd;
1662
1663 if (!(flag & REF_ISSYMREF))
1664 return;
1665
1666 if (!dst_name) {
1667 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1668 cmd->skip_update = 1;
1669 cmd->error_string = "broken symref";
1670 return;
1671 }
1672 dst_name = strip_namespace(dst_name);
1673
1674 if (!(item = string_list_lookup(list, dst_name)))
1675 return;
1676
1677 cmd->skip_update = 1;
1678
1679 dst_cmd = (struct command *) item->util;
1680
1681 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1682 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1683 return;
1684
1685 dst_cmd->skip_update = 1;
1686
1687 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1688 " its target '%s' (%s..%s)",
1689 cmd->ref_name,
1690 repo_find_unique_abbrev(the_repository, &cmd->old_oid, DEFAULT_ABBREV),
1691 repo_find_unique_abbrev(the_repository, &cmd->new_oid, DEFAULT_ABBREV),
1692 dst_cmd->ref_name,
1693 repo_find_unique_abbrev(the_repository, &dst_cmd->old_oid, DEFAULT_ABBREV),
1694 repo_find_unique_abbrev(the_repository, &dst_cmd->new_oid, DEFAULT_ABBREV));
1695
1696 cmd->error_string = dst_cmd->error_string =
1697 "inconsistent aliased update";
1698 }
1699
1700 static void check_aliased_update(struct command *cmd, struct string_list *list)
1701 {
1702 struct strbuf buf = STRBUF_INIT;
1703 const char *dst_name;
1704 int flag;
1705
1706 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1707 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1708 check_aliased_update_internal(cmd, list, dst_name, flag);
1709 strbuf_release(&buf);
1710 }
1711
1712 static void check_aliased_updates(struct command *commands)
1713 {
1714 struct command *cmd;
1715 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1716
1717 for (cmd = commands; cmd; cmd = cmd->next) {
1718 struct string_list_item *item =
1719 string_list_append(&ref_list, cmd->ref_name);
1720 item->util = (void *)cmd;
1721 }
1722 string_list_sort(&ref_list);
1723
1724 for (cmd = commands; cmd; cmd = cmd->next) {
1725 if (!cmd->error_string)
1726 check_aliased_update(cmd, &ref_list);
1727 }
1728
1729 string_list_clear(&ref_list, 0);
1730 }
1731
1732 static const struct object_id *command_singleton_iterator(void *cb_data)
1733 {
1734 struct command **cmd_list = cb_data;
1735 struct command *cmd = *cmd_list;
1736
1737 if (!cmd || is_null_oid(&cmd->new_oid))
1738 return NULL;
1739 *cmd_list = NULL; /* this returns only one */
1740 return &cmd->new_oid;
1741 }
1742
1743 static void set_connectivity_errors(struct command *commands,
1744 struct shallow_info *si)
1745 {
1746 struct command *cmd;
1747
1748 for (cmd = commands; cmd; cmd = cmd->next) {
1749 struct command *singleton = cmd;
1750 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1751
1752 if (shallow_update && si->shallow_ref[cmd->index])
1753 /* to be checked in update_shallow_ref() */
1754 continue;
1755
1756 opt.env = tmp_objdir_env(tmp_objdir);
1757 if (!check_connected(command_singleton_iterator, &singleton,
1758 &opt))
1759 continue;
1760
1761 cmd->error_string = "missing necessary objects";
1762 }
1763 }
1764
1765 struct iterate_data {
1766 struct command *cmds;
1767 struct shallow_info *si;
1768 };
1769
1770 static const struct object_id *iterate_receive_command_list(void *cb_data)
1771 {
1772 struct iterate_data *data = cb_data;
1773 struct command **cmd_list = &data->cmds;
1774 struct command *cmd = *cmd_list;
1775
1776 for (; cmd; cmd = cmd->next) {
1777 if (shallow_update && data->si->shallow_ref[cmd->index])
1778 /* to be checked in update_shallow_ref() */
1779 continue;
1780 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1781 *cmd_list = cmd->next;
1782 return &cmd->new_oid;
1783 }
1784 }
1785 return NULL;
1786 }
1787
1788 static void reject_updates_to_hidden(struct command *commands)
1789 {
1790 struct strbuf refname_full = STRBUF_INIT;
1791 size_t prefix_len;
1792 struct command *cmd;
1793
1794 strbuf_addstr(&refname_full, get_git_namespace());
1795 prefix_len = refname_full.len;
1796
1797 for (cmd = commands; cmd; cmd = cmd->next) {
1798 if (cmd->error_string)
1799 continue;
1800
1801 strbuf_setlen(&refname_full, prefix_len);
1802 strbuf_addstr(&refname_full, cmd->ref_name);
1803
1804 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs))
1805 continue;
1806 if (is_null_oid(&cmd->new_oid))
1807 cmd->error_string = "deny deleting a hidden ref";
1808 else
1809 cmd->error_string = "deny updating a hidden ref";
1810 }
1811
1812 strbuf_release(&refname_full);
1813 }
1814
1815 static int should_process_cmd(struct command *cmd)
1816 {
1817 return !cmd->error_string && !cmd->skip_update;
1818 }
1819
1820 static void BUG_if_skipped_connectivity_check(struct command *commands,
1821 struct shallow_info *si)
1822 {
1823 struct command *cmd;
1824
1825 for (cmd = commands; cmd; cmd = cmd->next) {
1826 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index])
1827 bug("connectivity check has not been run on ref %s",
1828 cmd->ref_name);
1829 }
1830 BUG_if_bug("connectivity check skipped???");
1831 }
1832
1833 static void execute_commands_non_atomic(struct command *commands,
1834 struct shallow_info *si)
1835 {
1836 struct command *cmd;
1837 struct strbuf err = STRBUF_INIT;
1838
1839 for (cmd = commands; cmd; cmd = cmd->next) {
1840 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1841 continue;
1842
1843 transaction = ref_transaction_begin(&err);
1844 if (!transaction) {
1845 rp_error("%s", err.buf);
1846 strbuf_reset(&err);
1847 cmd->error_string = "transaction failed to start";
1848 continue;
1849 }
1850
1851 cmd->error_string = update(cmd, si);
1852
1853 if (!cmd->error_string
1854 && ref_transaction_commit(transaction, &err)) {
1855 rp_error("%s", err.buf);
1856 strbuf_reset(&err);
1857 cmd->error_string = "failed to update ref";
1858 }
1859 ref_transaction_free(transaction);
1860 }
1861 strbuf_release(&err);
1862 }
1863
1864 static void execute_commands_atomic(struct command *commands,
1865 struct shallow_info *si)
1866 {
1867 struct command *cmd;
1868 struct strbuf err = STRBUF_INIT;
1869 const char *reported_error = "atomic push failure";
1870
1871 transaction = ref_transaction_begin(&err);
1872 if (!transaction) {
1873 rp_error("%s", err.buf);
1874 strbuf_reset(&err);
1875 reported_error = "transaction failed to start";
1876 goto failure;
1877 }
1878
1879 for (cmd = commands; cmd; cmd = cmd->next) {
1880 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1881 continue;
1882
1883 cmd->error_string = update(cmd, si);
1884
1885 if (cmd->error_string)
1886 goto failure;
1887 }
1888
1889 if (ref_transaction_commit(transaction, &err)) {
1890 rp_error("%s", err.buf);
1891 reported_error = "atomic transaction failed";
1892 goto failure;
1893 }
1894 goto cleanup;
1895
1896 failure:
1897 for (cmd = commands; cmd; cmd = cmd->next)
1898 if (!cmd->error_string)
1899 cmd->error_string = reported_error;
1900
1901 cleanup:
1902 ref_transaction_free(transaction);
1903 strbuf_release(&err);
1904 }
1905
1906 static void execute_commands(struct command *commands,
1907 const char *unpacker_error,
1908 struct shallow_info *si,
1909 const struct string_list *push_options)
1910 {
1911 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1912 struct command *cmd;
1913 struct iterate_data data;
1914 struct async muxer;
1915 int err_fd = 0;
1916 int run_proc_receive = 0;
1917
1918 if (unpacker_error) {
1919 for (cmd = commands; cmd; cmd = cmd->next)
1920 cmd->error_string = "unpacker error";
1921 return;
1922 }
1923
1924 if (use_sideband) {
1925 memset(&muxer, 0, sizeof(muxer));
1926 muxer.proc = copy_to_sideband;
1927 muxer.in = -1;
1928 if (!start_async(&muxer))
1929 err_fd = muxer.in;
1930 /* ...else, continue without relaying sideband */
1931 }
1932
1933 data.cmds = commands;
1934 data.si = si;
1935 opt.err_fd = err_fd;
1936 opt.progress = err_fd && !quiet;
1937 opt.env = tmp_objdir_env(tmp_objdir);
1938 opt.exclude_hidden_refs_section = "receive";
1939
1940 if (check_connected(iterate_receive_command_list, &data, &opt))
1941 set_connectivity_errors(commands, si);
1942
1943 if (use_sideband)
1944 finish_async(&muxer);
1945
1946 reject_updates_to_hidden(commands);
1947
1948 /*
1949 * Try to find commands that have special prefix in their reference names,
1950 * and mark them to run an external "proc-receive" hook later.
1951 */
1952 if (proc_receive_ref) {
1953 for (cmd = commands; cmd; cmd = cmd->next) {
1954 if (!should_process_cmd(cmd))
1955 continue;
1956
1957 if (proc_receive_ref_matches(cmd)) {
1958 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1959 run_proc_receive = 1;
1960 }
1961 }
1962 }
1963
1964 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1965 for (cmd = commands; cmd; cmd = cmd->next) {
1966 if (!cmd->error_string)
1967 cmd->error_string = "pre-receive hook declined";
1968 }
1969 return;
1970 }
1971
1972 /*
1973 * If there is no command ready to run, should return directly to destroy
1974 * temporary data in the quarantine area.
1975 */
1976 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1977 ; /* nothing */
1978 if (!cmd)
1979 return;
1980
1981 /*
1982 * Now we'll start writing out refs, which means the objects need
1983 * to be in their final positions so that other processes can see them.
1984 */
1985 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1986 for (cmd = commands; cmd; cmd = cmd->next) {
1987 if (!cmd->error_string)
1988 cmd->error_string = "unable to migrate objects to permanent storage";
1989 }
1990 return;
1991 }
1992 tmp_objdir = NULL;
1993
1994 check_aliased_updates(commands);
1995
1996 free(head_name_to_free);
1997 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1998
1999 if (run_proc_receive &&
2000 run_proc_receive_hook(commands, push_options))
2001 for (cmd = commands; cmd; cmd = cmd->next)
2002 if (!cmd->error_string &&
2003 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
2004 (cmd->run_proc_receive || use_atomic))
2005 cmd->error_string = "fail to run proc-receive hook";
2006
2007 if (use_atomic)
2008 execute_commands_atomic(commands, si);
2009 else
2010 execute_commands_non_atomic(commands, si);
2011
2012 if (shallow_update)
2013 BUG_if_skipped_connectivity_check(commands, si);
2014 }
2015
2016 static struct command **queue_command(struct command **tail,
2017 const char *line,
2018 int linelen)
2019 {
2020 struct object_id old_oid, new_oid;
2021 struct command *cmd;
2022 const char *refname;
2023 int reflen;
2024 const char *p;
2025
2026 if (parse_oid_hex(line, &old_oid, &p) ||
2027 *p++ != ' ' ||
2028 parse_oid_hex(p, &new_oid, &p) ||
2029 *p++ != ' ')
2030 die("protocol error: expected old/new/ref, got '%s'", line);
2031
2032 refname = p;
2033 reflen = linelen - (p - line);
2034 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2035 oidcpy(&cmd->old_oid, &old_oid);
2036 oidcpy(&cmd->new_oid, &new_oid);
2037 *tail = cmd;
2038 return &cmd->next;
2039 }
2040
2041 static void free_commands(struct command *commands)
2042 {
2043 while (commands) {
2044 struct command *next = commands->next;
2045
2046 free(commands);
2047 commands = next;
2048 }
2049 }
2050
2051 static void queue_commands_from_cert(struct command **tail,
2052 struct strbuf *push_cert)
2053 {
2054 const char *boc, *eoc;
2055
2056 if (*tail)
2057 die("protocol error: got both push certificate and unsigned commands");
2058
2059 boc = strstr(push_cert->buf, "\n\n");
2060 if (!boc)
2061 die("malformed push certificate %.*s", 100, push_cert->buf);
2062 else
2063 boc += 2;
2064 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2065
2066 while (boc < eoc) {
2067 const char *eol = memchr(boc, '\n', eoc - boc);
2068 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2069 boc = eol ? eol + 1 : eoc;
2070 }
2071 }
2072
2073 static struct command *read_head_info(struct packet_reader *reader,
2074 struct oid_array *shallow)
2075 {
2076 struct command *commands = NULL;
2077 struct command **p = &commands;
2078 for (;;) {
2079 int linelen;
2080
2081 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2082 break;
2083
2084 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2085 struct object_id oid;
2086 if (get_oid_hex(reader->line + 8, &oid))
2087 die("protocol error: expected shallow sha, got '%s'",
2088 reader->line + 8);
2089 oid_array_append(shallow, &oid);
2090 continue;
2091 }
2092
2093 linelen = strlen(reader->line);
2094 if (linelen < reader->pktlen) {
2095 const char *feature_list = reader->line + linelen + 1;
2096 const char *hash = NULL;
2097 const char *client_sid;
2098 int len = 0;
2099 if (parse_feature_request(feature_list, "report-status"))
2100 report_status = 1;
2101 if (parse_feature_request(feature_list, "report-status-v2"))
2102 report_status_v2 = 1;
2103 if (parse_feature_request(feature_list, "side-band-64k"))
2104 use_sideband = LARGE_PACKET_MAX;
2105 if (parse_feature_request(feature_list, "quiet"))
2106 quiet = 1;
2107 if (advertise_atomic_push
2108 && parse_feature_request(feature_list, "atomic"))
2109 use_atomic = 1;
2110 if (advertise_push_options
2111 && parse_feature_request(feature_list, "push-options"))
2112 use_push_options = 1;
2113 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2114 if (!hash) {
2115 hash = hash_algos[GIT_HASH_SHA1].name;
2116 len = strlen(hash);
2117 }
2118 if (xstrncmpz(the_hash_algo->name, hash, len))
2119 die("error: unsupported object format '%s'", hash);
2120 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2121 if (client_sid) {
2122 char *sid = xstrndup(client_sid, len);
2123 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2124 free(sid);
2125 }
2126 }
2127
2128 if (!strcmp(reader->line, "push-cert")) {
2129 int true_flush = 0;
2130 int saved_options = reader->options;
2131 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2132
2133 for (;;) {
2134 packet_reader_read(reader);
2135 if (reader->status == PACKET_READ_FLUSH) {
2136 true_flush = 1;
2137 break;
2138 }
2139 if (reader->status != PACKET_READ_NORMAL) {
2140 die("protocol error: got an unexpected packet");
2141 }
2142 if (!strcmp(reader->line, "push-cert-end\n"))
2143 break; /* end of cert */
2144 strbuf_addstr(&push_cert, reader->line);
2145 }
2146 reader->options = saved_options;
2147
2148 if (true_flush)
2149 break;
2150 continue;
2151 }
2152
2153 p = queue_command(p, reader->line, linelen);
2154 }
2155
2156 if (push_cert.len)
2157 queue_commands_from_cert(p, &push_cert);
2158
2159 return commands;
2160 }
2161
2162 static void read_push_options(struct packet_reader *reader,
2163 struct string_list *options)
2164 {
2165 while (1) {
2166 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2167 break;
2168
2169 string_list_append(options, reader->line);
2170 }
2171 }
2172
2173 static const char *parse_pack_header(struct pack_header *hdr)
2174 {
2175 switch (read_pack_header(0, hdr)) {
2176 case PH_ERROR_EOF:
2177 return "eof before pack header was fully read";
2178
2179 case PH_ERROR_PACK_SIGNATURE:
2180 return "protocol error (pack signature mismatch detected)";
2181
2182 case PH_ERROR_PROTOCOL:
2183 return "protocol error (pack version unsupported)";
2184
2185 default:
2186 return "unknown error in parse_pack_header";
2187
2188 case 0:
2189 return NULL;
2190 }
2191 }
2192
2193 static const char *pack_lockfile;
2194
2195 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2196 {
2197 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2198 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2199 }
2200
2201 static const char *unpack(int err_fd, struct shallow_info *si)
2202 {
2203 struct pack_header hdr;
2204 const char *hdr_err;
2205 int status;
2206 struct child_process child = CHILD_PROCESS_INIT;
2207 int fsck_objects = (receive_fsck_objects >= 0
2208 ? receive_fsck_objects
2209 : transfer_fsck_objects >= 0
2210 ? transfer_fsck_objects
2211 : 0);
2212
2213 hdr_err = parse_pack_header(&hdr);
2214 if (hdr_err) {
2215 if (err_fd > 0)
2216 close(err_fd);
2217 return hdr_err;
2218 }
2219
2220 if (si->nr_ours || si->nr_theirs) {
2221 alt_shallow_file = setup_temporary_shallow(si->shallow);
2222 strvec_push(&child.args, "--shallow-file");
2223 strvec_push(&child.args, alt_shallow_file);
2224 }
2225
2226 tmp_objdir = tmp_objdir_create("incoming");
2227 if (!tmp_objdir) {
2228 if (err_fd > 0)
2229 close(err_fd);
2230 return "unable to create temporary object directory";
2231 }
2232 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir));
2233
2234 /*
2235 * Normally we just pass the tmp_objdir environment to the child
2236 * processes that do the heavy lifting, but we may need to see these
2237 * objects ourselves to set up shallow information.
2238 */
2239 tmp_objdir_add_as_alternate(tmp_objdir);
2240
2241 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2242 strvec_push(&child.args, "unpack-objects");
2243 push_header_arg(&child.args, &hdr);
2244 if (quiet)
2245 strvec_push(&child.args, "-q");
2246 if (fsck_objects)
2247 strvec_pushf(&child.args, "--strict%s",
2248 fsck_msg_types.buf);
2249 if (max_input_size)
2250 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2251 (uintmax_t)max_input_size);
2252 child.no_stdout = 1;
2253 child.err = err_fd;
2254 child.git_cmd = 1;
2255 status = run_command(&child);
2256 if (status)
2257 return "unpack-objects abnormal exit";
2258 } else {
2259 char hostname[HOST_NAME_MAX + 1];
2260
2261 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2262 push_header_arg(&child.args, &hdr);
2263
2264 if (xgethostname(hostname, sizeof(hostname)))
2265 xsnprintf(hostname, sizeof(hostname), "localhost");
2266 strvec_pushf(&child.args,
2267 "--keep=receive-pack %"PRIuMAX" on %s",
2268 (uintmax_t)getpid(),
2269 hostname);
2270
2271 if (!quiet && err_fd)
2272 strvec_push(&child.args, "--show-resolving-progress");
2273 if (use_sideband)
2274 strvec_push(&child.args, "--report-end-of-input");
2275 if (fsck_objects)
2276 strvec_pushf(&child.args, "--strict%s",
2277 fsck_msg_types.buf);
2278 if (!reject_thin)
2279 strvec_push(&child.args, "--fix-thin");
2280 if (max_input_size)
2281 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2282 (uintmax_t)max_input_size);
2283 child.out = -1;
2284 child.err = err_fd;
2285 child.git_cmd = 1;
2286 status = start_command(&child);
2287 if (status)
2288 return "index-pack fork failed";
2289 pack_lockfile = index_pack_lockfile(child.out, NULL);
2290 close(child.out);
2291 status = finish_command(&child);
2292 if (status)
2293 return "index-pack abnormal exit";
2294 reprepare_packed_git(the_repository);
2295 }
2296 return NULL;
2297 }
2298
2299 static const char *unpack_with_sideband(struct shallow_info *si)
2300 {
2301 struct async muxer;
2302 const char *ret;
2303
2304 if (!use_sideband)
2305 return unpack(0, si);
2306
2307 use_keepalive = KEEPALIVE_AFTER_NUL;
2308 memset(&muxer, 0, sizeof(muxer));
2309 muxer.proc = copy_to_sideband;
2310 muxer.in = -1;
2311 if (start_async(&muxer))
2312 return NULL;
2313
2314 ret = unpack(muxer.in, si);
2315
2316 finish_async(&muxer);
2317 return ret;
2318 }
2319
2320 static void prepare_shallow_update(struct shallow_info *si)
2321 {
2322 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2323
2324 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2325 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2326
2327 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2328 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2329 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2330
2331 for (i = 0; i < si->nr_ours; i++)
2332 si->need_reachability_test[si->ours[i]] = 1;
2333
2334 for (i = 0; i < si->shallow->nr; i++) {
2335 if (!si->used_shallow[i])
2336 continue;
2337 for (j = 0; j < bitmap_size; j++) {
2338 if (!si->used_shallow[i][j])
2339 continue;
2340 si->need_reachability_test[i]++;
2341 for (k = 0; k < 32; k++)
2342 if (si->used_shallow[i][j] & (1U << k))
2343 si->shallow_ref[j * 32 + k]++;
2344 }
2345
2346 /*
2347 * true for those associated with some refs and belong
2348 * in "ours" list aka "step 7 not done yet"
2349 */
2350 si->need_reachability_test[i] =
2351 si->need_reachability_test[i] > 1;
2352 }
2353
2354 /*
2355 * keep hooks happy by forcing a temporary shallow file via
2356 * env variable because we can't add --shallow-file to every
2357 * command. check_connected() will be done with
2358 * true .git/shallow though.
2359 */
2360 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2361 }
2362
2363 static void update_shallow_info(struct command *commands,
2364 struct shallow_info *si,
2365 struct oid_array *ref)
2366 {
2367 struct command *cmd;
2368 int *ref_status;
2369 remove_nonexistent_theirs_shallow(si);
2370 if (!si->nr_ours && !si->nr_theirs) {
2371 shallow_update = 0;
2372 return;
2373 }
2374
2375 for (cmd = commands; cmd; cmd = cmd->next) {
2376 if (is_null_oid(&cmd->new_oid))
2377 continue;
2378 oid_array_append(ref, &cmd->new_oid);
2379 cmd->index = ref->nr - 1;
2380 }
2381 si->ref = ref;
2382
2383 if (shallow_update) {
2384 prepare_shallow_update(si);
2385 return;
2386 }
2387
2388 ALLOC_ARRAY(ref_status, ref->nr);
2389 assign_shallow_commits_to_refs(si, NULL, ref_status);
2390 for (cmd = commands; cmd; cmd = cmd->next) {
2391 if (is_null_oid(&cmd->new_oid))
2392 continue;
2393 if (ref_status[cmd->index]) {
2394 cmd->error_string = "shallow update not allowed";
2395 cmd->skip_update = 1;
2396 }
2397 }
2398 free(ref_status);
2399 }
2400
2401 static void report(struct command *commands, const char *unpack_status)
2402 {
2403 struct command *cmd;
2404 struct strbuf buf = STRBUF_INIT;
2405
2406 packet_buf_write(&buf, "unpack %s\n",
2407 unpack_status ? unpack_status : "ok");
2408 for (cmd = commands; cmd; cmd = cmd->next) {
2409 if (!cmd->error_string)
2410 packet_buf_write(&buf, "ok %s\n",
2411 cmd->ref_name);
2412 else
2413 packet_buf_write(&buf, "ng %s %s\n",
2414 cmd->ref_name, cmd->error_string);
2415 }
2416 packet_buf_flush(&buf);
2417
2418 if (use_sideband)
2419 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2420 else
2421 write_or_die(1, buf.buf, buf.len);
2422 strbuf_release(&buf);
2423 }
2424
2425 static void report_v2(struct command *commands, const char *unpack_status)
2426 {
2427 struct command *cmd;
2428 struct strbuf buf = STRBUF_INIT;
2429 struct ref_push_report *report;
2430
2431 packet_buf_write(&buf, "unpack %s\n",
2432 unpack_status ? unpack_status : "ok");
2433 for (cmd = commands; cmd; cmd = cmd->next) {
2434 int count = 0;
2435
2436 if (cmd->error_string) {
2437 packet_buf_write(&buf, "ng %s %s\n",
2438 cmd->ref_name,
2439 cmd->error_string);
2440 continue;
2441 }
2442 packet_buf_write(&buf, "ok %s\n",
2443 cmd->ref_name);
2444 for (report = cmd->report; report; report = report->next) {
2445 if (count++ > 0)
2446 packet_buf_write(&buf, "ok %s\n",
2447 cmd->ref_name);
2448 if (report->ref_name)
2449 packet_buf_write(&buf, "option refname %s\n",
2450 report->ref_name);
2451 if (report->old_oid)
2452 packet_buf_write(&buf, "option old-oid %s\n",
2453 oid_to_hex(report->old_oid));
2454 if (report->new_oid)
2455 packet_buf_write(&buf, "option new-oid %s\n",
2456 oid_to_hex(report->new_oid));
2457 if (report->forced_update)
2458 packet_buf_write(&buf, "option forced-update\n");
2459 }
2460 }
2461 packet_buf_flush(&buf);
2462
2463 if (use_sideband)
2464 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2465 else
2466 write_or_die(1, buf.buf, buf.len);
2467 strbuf_release(&buf);
2468 }
2469
2470 static int delete_only(struct command *commands)
2471 {
2472 struct command *cmd;
2473 for (cmd = commands; cmd; cmd = cmd->next) {
2474 if (!is_null_oid(&cmd->new_oid))
2475 return 0;
2476 }
2477 return 1;
2478 }
2479
2480 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2481 {
2482 int advertise_refs = 0;
2483 struct command *commands;
2484 struct oid_array shallow = OID_ARRAY_INIT;
2485 struct oid_array ref = OID_ARRAY_INIT;
2486 struct shallow_info si;
2487 struct packet_reader reader;
2488
2489 struct option options[] = {
2490 OPT__QUIET(&quiet, N_("quiet")),
2491 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2492 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2493 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2494 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2495 OPT_END()
2496 };
2497
2498 packet_trace_identity("receive-pack");
2499
2500 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2501
2502 if (argc > 1)
2503 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2504 if (argc == 0)
2505 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2506
2507 service_dir = argv[0];
2508
2509 setup_path();
2510
2511 if (!enter_repo(service_dir, 0))
2512 die("'%s' does not appear to be a git repository", service_dir);
2513
2514 git_config(receive_pack_config, NULL);
2515 if (cert_nonce_seed)
2516 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2517
2518 if (0 <= transfer_unpack_limit)
2519 unpack_limit = transfer_unpack_limit;
2520 else if (0 <= receive_unpack_limit)
2521 unpack_limit = receive_unpack_limit;
2522
2523 switch (determine_protocol_version_server()) {
2524 case protocol_v2:
2525 /*
2526 * push support for protocol v2 has not been implemented yet,
2527 * so ignore the request to use v2 and fallback to using v0.
2528 */
2529 break;
2530 case protocol_v1:
2531 /*
2532 * v1 is just the original protocol with a version string,
2533 * so just fall through after writing the version string.
2534 */
2535 if (advertise_refs || !stateless_rpc)
2536 packet_write_fmt(1, "version 1\n");
2537
2538 /* fallthrough */
2539 case protocol_v0:
2540 break;
2541 case protocol_unknown_version:
2542 BUG("unknown protocol version");
2543 }
2544
2545 if (advertise_refs || !stateless_rpc) {
2546 write_head_info();
2547 }
2548 if (advertise_refs)
2549 return 0;
2550
2551 packet_reader_init(&reader, 0, NULL, 0,
2552 PACKET_READ_CHOMP_NEWLINE |
2553 PACKET_READ_DIE_ON_ERR_PACKET);
2554
2555 if ((commands = read_head_info(&reader, &shallow))) {
2556 const char *unpack_status = NULL;
2557 struct string_list push_options = STRING_LIST_INIT_DUP;
2558
2559 if (use_push_options)
2560 read_push_options(&reader, &push_options);
2561 if (!check_cert_push_options(&push_options)) {
2562 struct command *cmd;
2563 for (cmd = commands; cmd; cmd = cmd->next)
2564 cmd->error_string = "inconsistent push options";
2565 }
2566
2567 prepare_shallow_info(&si, &shallow);
2568 if (!si.nr_ours && !si.nr_theirs)
2569 shallow_update = 0;
2570 if (!delete_only(commands)) {
2571 unpack_status = unpack_with_sideband(&si);
2572 update_shallow_info(commands, &si, &ref);
2573 }
2574 use_keepalive = KEEPALIVE_ALWAYS;
2575 execute_commands(commands, unpack_status, &si,
2576 &push_options);
2577 if (pack_lockfile)
2578 unlink_or_warn(pack_lockfile);
2579 sigchain_push(SIGPIPE, SIG_IGN);
2580 if (report_status_v2)
2581 report_v2(commands, unpack_status);
2582 else if (report_status)
2583 report(commands, unpack_status);
2584 sigchain_pop(SIGPIPE);
2585 run_receive_hook(commands, "post-receive", 1,
2586 &push_options);
2587 run_update_post_hook(commands);
2588 free_commands(commands);
2589 string_list_clear(&push_options, 0);
2590 if (auto_gc) {
2591 struct child_process proc = CHILD_PROCESS_INIT;
2592
2593 proc.no_stdin = 1;
2594 proc.stdout_to_stderr = 1;
2595 proc.err = use_sideband ? -1 : 0;
2596 proc.git_cmd = proc.close_object_store = 1;
2597 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2598 NULL);
2599
2600 if (!start_command(&proc)) {
2601 if (use_sideband)
2602 copy_to_sideband(proc.err, -1, NULL);
2603 finish_command(&proc);
2604 }
2605 }
2606 if (auto_update_server_info)
2607 update_server_info(0);
2608 clear_shallow_info(&si);
2609 }
2610 if (use_sideband)
2611 packet_flush(1);
2612 oid_array_clear(&shallow);
2613 oid_array_clear(&ref);
2614 string_list_clear(&hidden_refs, 0);
2615 free((void *)push_cert_nonce);
2616 return 0;
2617 }
Unnamed repository; edit this file 'description' to name the repository.